6 matches found
CVE-2025-24982
Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...
WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
Overview WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user vie...
CVE-2025-24982
Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted...
CVE-2025-24982
The CVE-2025-24982 affects the WordPress plugin Activity Log WinterLock, specifically versions prior to 1.2.5. The vulnerability is a Cross‑Site Request Forgery (CSRF) that can cause log data to be deleted when a logged‑in user views a malicious page. No root cause details beyond CSRF are provide...
WordPress plugin Activity Log WinterLock 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists ...
JVN#94806805: WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, the log data may be deleted. Solution Update the plugin Update the plugin according to the information provided by the...